Search:  

Previous pageInstalling neatComponents Next page
Server Hardening 

The Server

neatComponents works with the following operating systems, 'out of the box':

  • Windows 2003 Server Standard Edition 
  • Windows 2003 Server Web Edition
  • Windows Home Server edition
  • Windows 7
  • Windows 8 Pro
  • Windows 2008 Server
  • Windows 2012R2 Server
  • Windows XP Professional (multiple-sites, but only one at a time)

In a live environment it may be considered best practise to 'harden' the operating system by locking down permissions to restrict potential activities by malware.

Clearly, in hardening the system, it is important to ensure you do not prevent the neatComponents system itself from functioning. neatComponents has to perform many more tasks than a standard 'static' website. For example, it installs DLLs, and manipulates the IIS metabase, and depending on the configuration, it installs (and itself hardens) a database.

In hardening, you should ensure you do not override any essential permissions. For example, neatComponents needs the I_WAM / I_USR (Internet Guest / Launch IIS Process) accounts to be able to edit / write files in the following directories (it will have set these permissions itself when installed):

C:\Program Files\Enstar\neatComponents\sites_secure
C:\Program Files\Enstar\neatComponents\wwwroot\sites
C:\Program Files\Enstar\neatComponents\wwwroot\v\images\SitePreview
C:\Program Files\Enstar\neatComponents\MailDrop
C:\Program Files\Enstar\neatComponents\errors
C:\Program Files\Enstar\neatComponents\BackgroundService

Anti-virus software

We do not recommend the installation of anti-virus software on the server. Such software, whilst well-meaning, can cause server corruption and can seriously degrade performance. 

Firewall

We recommend you install a separate hardware firewall between the server and any other devices. This should block all incoming traffic except that needed for the system to operate.

The firewall should permit inbound traffic on:

  • Port 80 - HTTP - Web requests
  • Ports required for Terminal Services Remote Control or equivalent

The firewall should permit outbound traffic on:

  • Port 21 - FTP
  • Port 25 - SMTP
  • Port 80 - HTTP
  • Port 53 - DNS

In addition, the server hosting company may require extra ports to be open to permit them to manage and backup the server, however these should be restricted to the minimum (opening all 65536 ports is not a good idea). Ports opened for this purpose should be restricted to only those IP addresses required by the hosting company, and should not include the IP addresses of other hosted servers.

 


Note: This information is subject to change as new functionality is released

Installing neatComponents